[syslog-ng] Has Anyone Gotten Syslog-NG Running as Non-Root Working?
Mathew Brown
mathewbrown at fastmail.fm
Wed Nov 28 10:30:26 CET 2007
Hi,
I'm currently trying to get syslog-ng running as a non-privileged
user. What I've done so far is as follows:
* created a sysng user and group
* stopped syslog from running
* modified /etc/sysconfig/syslog-ng and set SYSLOGNG_OPTIONS to

    SYSLOGNG_OPTIONS="-p /var/run/syslogd.pid -u sysng -g sysng"

* Added the following to my config file:

    owner(sysng);
    group(sysng);
    perm(0600);
    # default owner, group, and permissions for created directories
    # (defaults are 0, 0, 0700)
    dir_owner(sysng);
    dir_group(sysng);
    dir_perm(0700);

* Fixed permissions under /var/log as follows:

    chgrp -R sysng /var/log
    chmod -R g+wx /var/log

* However, my primary problem is reading from /proc/kmsg. It seems that
when syslog-ng initially starts, it can open /proc/kmsg before it drops
privileges to sysng. Strace shows that it did:

    17692 open("/proc/kmsg", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 3

However, I then find the following in my /var/log/messages file:

    Nov 28 10:42:37 localhost syslog-ng[18356]: I/O error occurred while reading; fd='3', error='Operation not permitted (1)'

So it looks like it can't read from /proc/kmsg.

Has anyone gotten this working? I found several related emails, but
without a resolution to this issue, including:
* https://lists.balabit.hu/pipermail/syslog-ng/2007-January/009684.html
* https://lists.balabit.hu/pipermail/syslog-ng/2007-October/010804.html
One possible solution that I'm currently thinking of is to use klogd
instead of reading from /proc/kmsg. Any input? Thanks for your help.
--
Mathew Brown
mathewbrown at fastmail.fm
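
A minimal C reproducer for the sequence described in the message above (open the file while privileged, switch to the unprivileged user, then read from the already-open descriptor). It is an added example, not code from syslog-ng or from the poster; the function name `read_after_drop` and the PATH/UID/GID arguments are assumptions of this sketch.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Open `path` with the caller's current privileges, switch to uid/gid,
 * then attempt one read on the already-open descriptor.
 * Returns 0 if the read was permitted (data, EOF, or EAGAIN because
 * nothing is queued), otherwise the errno of the step that failed. */
int read_after_drop(const char *path, uid_t uid, gid_t gid)
{
    char buf[4096];
    ssize_t n;
    int saved;
    /* Same flags as the strace line in the post, minus O_LARGEFILE. */
    int fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK);
    if (fd < 0)
        return errno;

    /* Drop order: supplementary groups, then gid, then uid. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
        goto fail;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        goto fail;
    n = read(fd, buf, sizeof buf);
    if (n < 0 && errno != EAGAIN)
        goto fail;
    close(fd);
    return 0;
fail:
    saved = errno;
    close(fd);
    return saved;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s PATH UID GID\n", argv[0]);
        return 2;
    }
    int e = read_after_drop(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    printf("%s after drop: %s\n", argv[1], e ? strerror(e) : "read permitted");
    return e ? 1 : 0;
}
```

Run it as root against /proc/kmsg only on a test host: a successful read consumes kernel messages that the system logger would otherwise receive.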